ExamGecko

Question 20 - CAS-004 discussion


A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

A. The user agent client is not compatible with the WAF.
B. A certificate on the WAF is expired.
C. HTTP traffic is not forwarding to HTTPS to decrypt.
D. Old, vulnerable cipher suites are still being used.

Suggested answer: C

Explanation:

HTTP traffic that is not forwarded to HTTPS could be the cause of the lack of visibility from the WAF (Web Application Firewall) for the web application, as the WAF may not be able to inspect or block unencrypted HTTP traffic. To solve this issue, the web server should redirect all HTTP requests to HTTPS and use SSL/TLS certificates to encrypt the traffic.

asked 02/10/2024
Andrea Chichiarelli